The introduction of new General Data Protection Regulation (GDPR) laws later this month will change the rules, regulations and business practices around data protection dramatically.
Marie Kell, head of commercial law at Andrew Jackson Solicitors LLP, and Jonathan Dale, the firm's head of employment, have provided answers to some frequently asked questions, designed to help businesses prepare and comply in the run-up to the new regulations coming into force on 25 May 2018:
What are the key differences between the old legislation and these new regulations?
Mandatory breach reporting is now in place and fines are now set at a much higher level than they were previously. Another important shift for all those who deal with data to bear in mind is that the requirements on consent are set at a much higher level than they were previously. There is no such thing as an ‘implied’ consent, and ‘opting in’ is mandatory.
Where should businesses look for reliable guidance on these issues?
Guidance has been issued by both the Article 29 Working Party and the Information Commissioner’s Office (ICO). The ICO website contains step-by-step guides and information in plain English that we know many of our clients have found really useful.
What are the implications for businesses that fail to prepare or comply with the new legislation?
One of the key issues that this legislation hopes to address is the lack of consumer faith in how data is stored and used. The desire to improve upon it has been one of the main drivers from the government, so we can expect enforcement to be a key part of these new regulations.
The regulators are seeking accountability from businesses, and the reassurance that they can demonstrate their compliance at any time. This is about more than just fines; it's about reassuring customers and stakeholders and protecting reputation.
With just a few weeks until GDPR comes into force, what steps should businesses take now?
The key thing is to get a handle on the data that your business holds and how it is used. For this, you will need to ask yourself several key questions, including:
What data do we hold?
How is it stored?
How was it obtained?
How is it used?
Can we prove that consent was given for us to obtain it?
Are any third parties involved in its usage?
This is a huge undertaking in itself, and one that cuts across departments such as HR, marketing and IT, so it’s important to make sure that you plan the process effectively and start as soon as you can.
If you’re unsure of the implications of the data you have gathered, and how it fits in with the new regulations, make sure that you seek legal advice.